CVE-2011-2703

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-2703
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html Patch
http://secunia.com/advisories/45257 Vendor Advisory
http://secunia.com/advisories/45318 Vendor Advisory
http://secunia.com/advisories/45368 Vendor Advisory
http://trac.osgeo.org/mapserver/ticket/3903 Patch
http://www.debian.org/security/2011/dsa-2285
http://www.openwall.com/lists/oss-security/2011/07/19/11 Patch
http://www.openwall.com/lists/oss-security/2011/07/19/14 Patch
http://www.openwall.com/lists/oss-security/2011/07/20/15 Patch
http://www.securityfocus.com/bid/48720
https://bugzilla.redhat.com/show_bug.cgi?id=722545 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=723293 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html Patch
http://secunia.com/advisories/45257 Vendor Advisory
http://secunia.com/advisories/45318 Vendor Advisory
http://secunia.com/advisories/45368 Vendor Advisory
http://trac.osgeo.org/mapserver/ticket/3903 Patch
http://www.debian.org/security/2011/dsa-2285
http://www.openwall.com/lists/oss-security/2011/07/19/11 Patch
http://www.openwall.com/lists/oss-security/2011/07/19/14 Patch
http://www.openwall.com/lists/oss-security/2011/07/20/15 Patch
http://www.securityfocus.com/bid/48720
https://bugzilla.redhat.com/show_bug.cgi?id=722545 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=723293 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.6.6:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:umn:mapserver:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:rc2:*:*:*:*:*:*
History

21 Nov 2024, 01:28

Type Values Removed Values Added
References () http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html - Patch () http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html - Patch
References () http://secunia.com/advisories/45257 - Vendor Advisory () http://secunia.com/advisories/45257 - Vendor Advisory
References () http://secunia.com/advisories/45318 - Vendor Advisory () http://secunia.com/advisories/45318 - Vendor Advisory
References () http://secunia.com/advisories/45368 - Vendor Advisory () http://secunia.com/advisories/45368 - Vendor Advisory
References () http://trac.osgeo.org/mapserver/ticket/3903 - Patch () http://trac.osgeo.org/mapserver/ticket/3903 - Patch
References () http://www.debian.org/security/2011/dsa-2285 - () http://www.debian.org/security/2011/dsa-2285 -
References () http://www.openwall.com/lists/oss-security/2011/07/19/11 - Patch () http://www.openwall.com/lists/oss-security/2011/07/19/11 - Patch
References () http://www.openwall.com/lists/oss-security/2011/07/19/14 - Patch () http://www.openwall.com/lists/oss-security/2011/07/19/14 - Patch
References () http://www.openwall.com/lists/oss-security/2011/07/20/15 - Patch () http://www.openwall.com/lists/oss-security/2011/07/20/15 - Patch
References () http://www.securityfocus.com/bid/48720 - () http://www.securityfocus.com/bid/48720 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=722545 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=722545 - Patch
References () https://bugzilla.redhat.com/show_bug.cgi?id=723293 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=723293 - Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/68682 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/68682 -
Information

Published : 2011-08-01 19:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-2703

Mitre link : CVE-2011-2703

CVE.ORG link : CVE-2011-2703

JSON object : View

Products Affected

umn

  • mapserver

osgeo

  • mapserver
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')